ADManagedServiceAccount: Optionally accept an array of SPNs and also support for TrustedForDelegation #717

@rismoney

Problem description

Assuming management of a very large number of Managed Service Accounts, it is not performant to manage their SPNs and TrustedForDelegation setting independently.

There already is a separate resource for Service Principal Names, but it would be very helpful to add the ability to set the SPN attribute for the AD Managed Service Account via the MSFT_ADManagedServiceAccount directly. Also the AD User supports TrustedForDelegation.

Verbose logs

n/a

DSC configuration

n/a

Suggested solution

        ADManagedServiceAccount 'ExampleStandaloneMSA'
        {
            Ensure                = 'Present'
            ServiceAccountName    = 'Service01'
            AccountType           = 'Standalone'
            # Proposed additions:
            ServicePrincipalNames = @('MSSQLSvc/sqlalias.contoso.com:1433','MSSQLSvc/hostname.contoso.com:1433')
            TrustedForDelegation  = $true
        }

Operating system the target node is running

Win2022

PowerShell version and build the target node is running

5.x Win2022

ActiveDirectoryDsc version

ActiveDirectoryDsc 6.2.0
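
For comparison, the same desired state expressed with resources that already exist, as an added example that is not part of the original issue or the project's code: one `ADServicePrincipalName` instance per SPN, plus a built-in `Script` resource for the delegation flag. It assumes the MSA is addressed by its sAMAccountName `Service01$`, that the ActiveDirectory PowerShell module is present on the node, and the names `MsaWithSpns`, `$spns` and `Service01_TrustedForDelegation` are hypothetical.

```powershell
Configuration MsaWithSpns
{
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName ActiveDirectoryDsc

    # SPN list taken from the suggested solution in the issue.
    $spns = @(
        'MSSQLSvc/sqlalias.contoso.com:1433'
        'MSSQLSvc/hostname.contoso.com:1433'
    )

    Node 'localhost'
    {
        ADManagedServiceAccount 'ExampleStandaloneMSA'
        {
            Ensure             = 'Present'
            ServiceAccountName = 'Service01'
            AccountType        = 'Standalone'
        }

        foreach ($spn in $spns)
        {
            # Resource instance names must be unique, so derive one from the SPN.
            $name = 'Spn_' + ($spn -replace '[^A-Za-z0-9]', '_')
            ADServicePrincipalName $name
            {
                Ensure               = 'Present'
                ServicePrincipalName = $spn
                Account              = 'Service01$'   # assumption: sAMAccountName of the MSA
                DependsOn            = '[ADManagedServiceAccount]ExampleStandaloneMSA'
            }
        }

        # TrustedForDelegation is the unconstrained Kerberos delegation flag;
        # it is set here with the ActiveDirectory module cmdlets.
        Script 'Service01_TrustedForDelegation'
        {
            GetScript  = { @{ Result = [string](Get-ADServiceAccount -Identity 'Service01' -Properties TrustedForDelegation).TrustedForDelegation } }
            TestScript = { (Get-ADServiceAccount -Identity 'Service01' -Properties TrustedForDelegation).TrustedForDelegation -eq $true }
            SetScript  = { Set-ADServiceAccount -Identity 'Service01' -TrustedForDelegation $true }
            DependsOn  = '[ADManagedServiceAccount]ExampleStandaloneMSA'
        }
    }
}
```

Each SPN becomes its own resource instance with its own directory lookup, which is the per-account overhead the issue describes.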


Labels

- enhancement: The issue is an enhancement request.
- help wanted: The issue is up for grabs for anyone in the community.
